-
Notifications
You must be signed in to change notification settings - Fork 24.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up role resolution with CrossClusterApiKeyRoleReference
#108707
base: main
Are you sure you want to change the base?
Conversation
Pinging @elastic/es-security (Team:Security) |
@elasticmachine update branch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
sorry took so long to review
@@ -127,9 +120,46 @@ public BytesReference getRoleDescriptorsBytes() { | |||
public ApiKeyRoleType getRoleType() { | |||
return roleType; | |||
} | |||
} | |||
|
|||
final class CrossClusterApiKeyRoleReference implements RoleReference { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can add some javadoc to this , especially to disambiguate this from CrossClusterAccessRoleReference
nit*2: just a style thing...but I generally have a preference towards more top level classes and fewer nested classes. IMO it results in simpler readability and combined with Javadoc leads to less assumptions about what it does.
This PR handles role resolution for cross-cluster API key role references. Previously, these were handled as generic API key role references but the flows are now different enough to use a new, standalone class instead.
Relates: #108600